HEARINGS TO WATCH THIS WEEK – Two can’t-miss hearings for Cyber-watchers this week: On Tuesday, the Senate Judiciary Subcommittee on Crime and Terrorism holds a rescheduled hearing on “economic espionage” and IP theft, a growing concern for businesses in cyberspace. The chairman and ranking member of the subcommittee, Sens. Sheldon Whitehouse and Lindsey Graham, last summer released a discussion draft of legislation that aims to help prosecutors better go after trade secret theft, especially foreign state-sponsored IP theft (http://1.usa.gov/1gsPsQ2). The hearing is Tuesday at 2:30.

ON THURSDAY, Senate Homeland Security’s Permanent Subcommittee on Investigations holds a hearing on “Online Advertising and Hidden Hazards to Consumer Security and Data Privacy,” based on an investigation helmed by Ranking Member Sen. John McCain. “Specifically, the subcommittee is investigating data collection processes and security vulnerabilities that have inflicted significant costs on Internet users and American businesses,” a meeting notice said. A witness list will be released today. We’ll be tracking both.

SCOOPLET: GLOBAL CYBER TALKS PLANNED – Preparations will begin next month for the EastWest Institute’s fifth Global Cyberspace Cooperation Summit set for Berlin in December. The think tank will hold a roundtable in June in San Francisco on international cooperation in cyberspace that will set out breakthrough groups on a variety of topics ahead of the winter confab. Previous iterations of the summit have been held in Dallas, London, New Delhi and last year in Silicon Valley. The gatherings, this one co-hosted by the German foreign ministry, are so-called Track Two talks – international meetings of non-governmental organizations and experts that try to move global cooperation forward.

TOP TALKER: FEDS WANT EASIER HACKING – “The Justice Department is seeking a change in criminal rules that would make it easier for the FBI to obtain warrants to hack into suspects’ computers for evidence when the computer’s physical location is unknown — a problem that officials say is increasing as more and more crime is conducted online with tools to conceal identity,” The Washington Post’s Ellen Nakashima reported over the weekend. “But the proposal, which was posted for public comment on a U.S. court Web site Friday, is raising concerns among privacy advocates who see it as expanding the power of federal agents to insert malware on computers, which they say could weaken overall Internet security.” More: http://wapo.st/RzXm3R

HAPPY MONDAY and welcome to Morning Cybersecurity, where I want to dedicate this space today to my amazing mother. Mother’s Day was yesterday, but she is the best 24/7, all year round. And of course, to all the moms out there for all you do. In that vein, here is an unbearably adorable baby dwarf antelope from the Lincoln Park Zoo in Chicago that needs a name: http://trib.in/1qufsnO. As always, send your tips, thoughts, feedback and how excited you are for our official launch this week to tkopan@politico.com and follow @talkopan, @POLITICOPro and @MorningCybersec.

HAGEL TALKS CYBER ON SUNDAY SHOWS – Defense Secretary Chuck Hagel sat down with ABC News’s Martha Raddatz for an interview with ABC’s Sunday show “This Week” yesterday, and the two talked cybersecurity, an issue Hagel has been “focusing on,” per Raddatz. She asked about his confidence that U.S. drones and guided weapons would not be hacked. “I'm not confident of anything in this business. You can't be,” Hagel said. “But the fact is, Martha, it is as dangerous a threat that we're dealing with, the world deals with, especially the United States, as any one threat. It's quiet. It's insidious. It's deadly.” Asked if people were not paying enough attention, Hagel replied: “I do fear that's true. We are, I'll tell you. We are.”

--Also from Sunday, former Defense Secretary Robert Gates named D.C. dysfunction as the greatest threat to national security. More from Byron Tau: http://politi.co/1nwb45D

CYBERSECURITY LOBBYING WAY UP – The number of lobbying firms focused on cybersecurity and data issues has roughly tripled since 2008, The Washington Post reports, a trend driven, in part, by corporations responding to major data breaches. Target, for example, hired the firm Venable in February after a December breach that affected up to 70 million customers. From the Post: “Between 2008 and 2012, the number of companies, trade associations and other groups lobbying on data or cybersecurity matters climbed steadily from 108 to 321, and dipped slightly in 2013 to 314. Those figures reflect lobbying activity by companies’ in-house lobbyists who listed ‘data security,’ ‘cybersecurity’ or ‘cyber security’ on lobbying disclosure forms.” The story: http://wapo.st/1lli2ag

REPORT: FORGED DIGITAL CERTIFICATES SIGNIFICANT – “Computer scientists have uncovered direct evidence that a small but significant percentage of encrypted Web connections are established using forged digital certificates that aren't authorized by the legitimate site owner,” Ars Technica reports. “The analysis is important because it's the first to estimate the amount of real-world tampering inflicted on the HTTPS system that millions of sites use to prove their identity and encrypt data traveling to and from end users. Of 3.45 million real-world connections made to Facebook servers using the transport layer security (TLS) or secure sockets layer protocols, 6,845, or about 0.2 percent of them, were established using forged certificates.” The story: http://bit.ly/1jwEuhj

ICYMI: Some big stories from Friday:

-- CERTIFICATES NOT UPDATED AFTER HEARTBLEED, REPORT SAYS: The vast majority of websites affected by the Heartbleed Bug have taken no action to update their PKI certificates – or worse, inadequate action – said British Internet security firm Netcraft in a Friday blog post. Since Heartbleed was announced April 7, only 43 percent of affected website administrators have taken steps to get new certificates, Netcraft said. And some of those who have did not change their private key, so those admins probably believe they’ve fixed their exposure to Heartbleed, but in fact they’re still vulnerable. Only about 14 percent of websites have taken all necessary PKI steps – replacing old certificates, revoking the old ones, and ensuring the new one uses a different private key, Netcraft estimates. The post: http://bit.ly/1s9WVbR

THE NEXT BIG IDEA: BOTNETS FOR GOOD? – George Mason University researchers have developed a new approach to getting the necessary computing power to study Alzheimer’s disease, and it may borrow a page from hackers – or turn it on its head. Re/Code reports that the computational biology team has built a piece of software that anyone can download that will allow them to dedicate their own computer’s idle time to the cause. “The computer simulations can take months or even years with limited computing power, so the researchers collaborated with Paragon Computation on the Compute Against Alzheimer’s Disease project. The distributed computing platform allows thousands of computers to work together on the problem all at once. Anyone can install the software, which runs when their computer is idle, chipping into the scientific effort whenever it can.” More: http://on.recode.net/1siHKNE

QUICK BYTES

-- A cybercrime boss is putting up a Ferrari to go to the hacker who can develop the best scam, European official says. International Business Times: http://goo.gl/CxShvB